Platform: php
Component: online-hotel-booking
Fixed in: 1.0.1
CVE-2026-5705 describes a cross-site scripting (XSS) vulnerability discovered in Online Hotel Booking version 1.0. This vulnerability allows attackers to inject malicious scripts into the application, potentially compromising user sessions and stealing sensitive data. The affected component is the Booking Endpoint, specifically the /booknow.php file. A public exploit is available, highlighting the urgency of remediation.
Successful exploitation of CVE-2026-5705 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious activities, including session hijacking, defacement of the website, and redirection to phishing sites. An attacker could steal user credentials, personal information, or even gain access to backend systems if the user has elevated privileges. The public availability of an exploit significantly increases the risk of widespread exploitation.
CVE-2026-5705 is publicly known with a readily available exploit, indicating a high probability of exploitation. It was disclosed on 2026-04-06. The vulnerability is tracked by NVD and CISA. Given the ease of exploitation, organizations using Online Hotel Booking should prioritize remediation.
EPSS: 0.01% (1% percentile)
The primary mitigation for CVE-2026-5705 is to upgrade to a patched version of Online Hotel Booking. Since no fixed version is specified, immediate action is crucial. As a temporary workaround, implement strict input validation and output encoding on the 'roomname' parameter in /booknow.php. Consider using a Web Application Firewall (WAF) with XSS protection rules to filter malicious requests. Regularly review and update security configurations to minimize the attack surface.
Update the Online Hotel Booking plugin to the latest available version to mitigate the Cross-Site Scripting (XSS) vulnerability in the /booknow.php endpoint. Check the official plugin source for specific update instructions. Implement proper user input validation and escaping to prevent future XSS attacks.
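The input validation and output encoding workaround for the 'roomname' parameter could look like the following. This is an added example, not code from Online Hotel Booking: the page does not show the source of /booknow.php, so the function names, the allowed character set, the 64-character limit and the hidden-field output context are assumptions, and it requires PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: booknow.php's real code is not shown on the page, so the
// names, the length limit and the allowed character set below are assumptions.

/**
 * Validate the raw 'roomname' request value against an allowlist.
 * Returns the trimmed value, or null when the request must be rejected.
 */
function validate_roomname(mixed $raw): ?string
{
    // Arrays (roomname[]=x) and other non-string values are rejected outright.
    if (!is_string($raw)) {
        return null;
    }
    $value = trim($raw);
    // Letters, digits, space and a few punctuation marks, 1 to 64 characters.
    // With the /u flag preg_match also fails on invalid UTF-8 input.
    if (preg_match('/\A[\p{L}\p{N} .,\'&()-]{1,64}\z/u', $value) !== 1) {
        return null;
    }
    return $value;
}

/** Encode a value for HTML element content or a quoted attribute value. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs, not taken from any real request.
$samples = [
    'Deluxe Suite (Sea View)',
    "O'Hara & Sons Room",
    '<script>alert(1)</script>',
    ['nested'],
];

foreach ($samples as $raw) {
    $room = validate_roomname($raw);
    if ($room === null) {
        // In the endpoint this would be an HTTP 400 response, not a rendered page.
        echo 'rejected: ', html_escape(is_string($raw) ? $raw : gettype($raw)), PHP_EOL;
        continue;
    }
    // Encoding is applied at output time even though validation already passed.
    echo '<input type="hidden" name="roomname" value="', html_escape($room), '">', PHP_EOL;
}
```

The second sample passes validation but still contains `'` and `&`, which is why encoding at the point of output is kept as a separate step rather than relying on the allowlist alone.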
CVE-2026-5705 is a cross-site scripting (XSS) vulnerability affecting Online Hotel Booking version 1.0, allowing attackers to inject malicious scripts via the /booknow.php file.
If you are using Online Hotel Booking version 1.0, you are potentially affected by this vulnerability. Immediate action is required.
Upgrade to a patched version of Online Hotel Booking. If a patch isn't available, implement input validation and output encoding as a temporary workaround.
Yes, a public exploit is available, indicating a high probability of active exploitation.
Refer to the Online Hotel Booking project's official website or security advisory page for the latest information and updates regarding CVE-2026-5705.